27-11-2010, 11:08 AM
[attachment=7344]
Presented by:SHYAM ASHISH
ABSTRACT
With widespread distribution of multimedia, it is critical to secure multimedia content and enforce intellectual property rights. A fundamental problem in multimedia security and forensics is to identify entities involved in the illegal usage of multimedia.
Numerous systems addressing the issue of copyright protection can be found in the literature, the majority of them being based on watermarking Watermarking is the technique of imperceptibly embedding information within the content of the original medium . Although watermarking has attracted considerable interest, it bears certain deficiencies.The requirement of embedding information inside a multimedia document before it reaches the public, implies distortion of the data at a certain extent and automatically excludes data that are already in the public domain and need to be protected. In addition, watermarking is unable to deal with content leakages, i.e. cases where an unwatermarked copy of the original artwork is stolen and distributed.
In order to overcome these inherent watermarking deficiencies,the scientific community recently started to investigate copyright protection and digital rights management in multimedia data through content based approaches These approaches, which come under different names such as DIGITAL FINGERPRINTING.
Digital fingerprinting is an important tool in multimedia forensics to trace traitors and protect multimedia content after decryption.This seminar will addresses the enforcement of digital rights when distributing multimedia over heterogeneous networks and studies the scalable multimedia fingerprinting systems in which users receive copies of different quality. We will investigate the traitor tracing capability of such scalable fingerprinting systems, in particular, the robustness of the embedded fingerprints against multi-user collusion attacks. Under the fairness constraints on collusion that all attackers share the same risk of being captured, we will analyze the maximum number of colluders that the fingerprinting systems can withstand, and our results will show that multimedia fingerprints can survive collusion attacks by a few dozen colluders.
Need of digital fingerprinting
The volume of online audio and video content is growing exponentially. An August 2009 survey conducted by the Diffusion Group for Digital smiths found that more than 70% of US Internet users surveyed had watched online video in the past week, and more than one-half had watched online TV programs.
Intel’s chief of technology, Justin Rattner, predicted, back in September 2009 at the Intel’s Developer Forum (IDF) in San Francisco, that by 2015 more than 12 billion devices will be capable of connecting to 500 billion hours of TV and video content.
These forecasts emphasize the growing need of content and rights holders to identify copyrighted content as it moves across computers and mobile phones around the world. Media owners are today looking for ways to track and control the distribution of their content on the broadcast television and the internet. They are also looking at new ways to develop business models with digital publishing platforms such as UGC or social network sites, in order to monetize their content, including through advertising revenue sharing. Content publishing companies, in turn, are looking for means to expand their business in advertising and to offer additional services that generate real revenues. There is a clear need for tech¬nology that enables flexible business rules to be applied to online content and which fits seamlessly into the established content-to-consumer delivery chain. Digital fingerprinting meets this need.
What is digital fingerprinting?
Similar to a human fingerprint that uniquely identifies a human being, a digital fingerprint uniquely identifies a piece of video/audio content. Digital Fingerprinting gives content owners and publishers more options to control the distribution of their content and also a technique for identifying users who use multimedia content for unintended purposes, such as redistribution. These fingerprints are typically embedded into the content using watermarking techniques that are designed to be robust to a variety of attacks.
An ideal fingerprinting system should fulfill several requirements. It should be able to accurately identify a media asset, regardless of the level of compression, distortion or interference in a transmission channel. For many other applications it should identify the title from excerpts as short as just a few seconds (a pro¬perty known as granularity), this requires support for shifting - the lack of synchronization between the extracted fingerprint and those stored in the database. It should also be able to deal with other sources of degradation, such as :
- Audio : pitching (playing audio faster or slower), equalization, background noise, D/A-A/D conversion, speech and audio coders (such as GSM or MP3).
- Video : heavy compression (e.g. ‘youtube’ quality and much less), insertion or removal of subtitles or logos, scaling, aspect ration change, speed change, 16:9 to 4:3, camcorder, black bars, conversion to black and white , flipping etc.
Collusion attacks
3.1 Linear Collusion
Linear collusion is one of the most feasible collusion attacks against multimedia fingerprinting. When users come together with a total of K differently fingerprinted copies of the same multimedia content, these users can simply linearly combine the K signals to produce a colluded version. Since normally no colluder is willing to take more of a risk than any other colluder, the fingerprinted signals are typically averaged with an equal weight for each user [10]-[12],[16],[17], as illustrated in Figure Averaging reduces the power of each contributing fingerprint. As the number of colluders increases, the trace of each individual fingerprint becomes weaker. In fact, the colluded signal can have better perceptual quality in that it can be more similar to the host signal than the fingerprinted signals are.
The collusion attack considered in [11] consists of adding a small amount of noise to the average of K fingerprinted documents, where the original document is perturbed by the marking process to produce fingerprinted documents with a bounded distortion from the
original document. It was shown that O(_N / logN ) adversaries are sufficient to defeat the underlying watermarks, where N is the total length of the fingerprint signal. a more general linear attack was considered,
where the colluders employ multiple input/ single-output linear shift-invariant (LSI) filtering plus additive Gaussian noise to thwart the orthogonal fingerprints. Under the assumption that all fingerprints are independent and have identical statistical characteristics, it was shown that the optimal LSI attack involves each user weighting their marked document equally prior to the addition of additive noise.
When the fingerprint is spread throughout the entire host signal by such techniques as spread-spectrum embedding and detected through some form of correlation, the cut-and-paste collusion attack has an effect that is similar to averaging collusion. In both cases, the energy of each contributing fingerprint is reduced by a factor corresponding to the amount of copies involved in the collusion. As an example, if Alice contributes half of her samples to a cut and- paste collusion, the energy of Alice’s fingerprint in the colluded copy is only half of her overall fingerprint energy. As a result, the correlation of the colluded signal with Alice’s fingerprint is roughly half the correlation of a noncolluded copy of Alice’s fingerprinted signal with her fingerprint. Therefore, when considering spread-spectrum embedding, we may consider cut and- paste collusion as analogous to averaging collusion.
3.2 Nonlinear Collusion
Linear collusion by averaging is a simple and effective way for a coalition of users to attenuate embedded fingerprints. Averaging, however, is not the only form of collusion attack available to a coalition of adversaries. In fact, for each component of the multimedia signal, the colluders can output any value between the minimum and maximum values that they have observed, and have high confidence that the spurious value they get is within the range of just-noticeable difference since each fingerprinted copy is expected to have high perceptual quality. Therefore, we next examine families of nonlinear collusion attacks. An important class of nonlinear collusion attacks is based upon such operations as taking the maximum, minimum, and median of corresponding components of the K colluders’ independent watermarked copies [10],[18]. For simplicity in analysis, nonlinear attacks are typically assumed to be performed in the same domain of features as the fingerprint embedding.
3.2.1 Nonlinear attacks [18].
Minimum/maximum/median attack: Under these three attacks, the colluders create an attacked signal in which each component is the minimum, maximum, and median, respectively, of the corresponding components of the K watermarked signals associated with the colluders.
Minmax attack: Each component of the attacked signal is the average of the maximum and minimum of the corresponding components of the K watermarked signals.
Modified negative attack: Each component of the attacked signal is the difference between the median and the sum of the maximum and minimum of the corresponding components of the K watermarked signals.
Randomized negative attack: Each component of the attacked signal takes the value of the maximum of the corresponding components of the K watermarked signals with probability p, and takes the minimum with probability (1-p).
The effectiveness of different attacks were studied in [18] based on two performance criteria: the probability of capturing at least one colluder (Pd ) and the probability of falsely accusing at least one innocent user (Pfp ). Since the colluded fingerprint components under the minimum, maximum, and randomized negative attacks do not have zero mean, preprocessing was applied to remove the mean from the colluded copy. It was observed that the overall performance under the median or minmax attacks is comparable to that of the average attack. Therefore, from the attacker’s point of view, there is no gain in employing the median or minmax attack compared to the average attack. On the other hand, the effectiveness of collusion improves under the minimum, maximum, and modified negative attacks. The randomized negative attack was shown to be the most effective attack, but it also introduces larger, more perceivable distortion to the host signal than other attacks. Colluders may also apply additional noise after the nonlinear combining [18],[19]. As the amount of distortion introduced by the nonlinear combining increases, the amount of additional noise that can be added while maintaining perceptual constraints decreases.
Presented by:SHYAM ASHISH
DIGITAL FINGERPRINTING
ABSTRACT
With widespread distribution of multimedia, it is critical to secure multimedia content and enforce intellectual property rights. A fundamental problem in multimedia security and forensics is to identify entities involved in the illegal usage of multimedia.
Numerous systems addressing the issue of copyright protection can be found in the literature, the majority of them being based on watermarking Watermarking is the technique of imperceptibly embedding information within the content of the original medium . Although watermarking has attracted considerable interest, it bears certain deficiencies.The requirement of embedding information inside a multimedia document before it reaches the public, implies distortion of the data at a certain extent and automatically excludes data that are already in the public domain and need to be protected. In addition, watermarking is unable to deal with content leakages, i.e. cases where an unwatermarked copy of the original artwork is stolen and distributed.
In order to overcome these inherent watermarking deficiencies,the scientific community recently started to investigate copyright protection and digital rights management in multimedia data through content based approaches These approaches, which come under different names such as DIGITAL FINGERPRINTING.
Digital fingerprinting is an important tool in multimedia forensics to trace traitors and protect multimedia content after decryption.This seminar will addresses the enforcement of digital rights when distributing multimedia over heterogeneous networks and studies the scalable multimedia fingerprinting systems in which users receive copies of different quality. We will investigate the traitor tracing capability of such scalable fingerprinting systems, in particular, the robustness of the embedded fingerprints against multi-user collusion attacks. Under the fairness constraints on collusion that all attackers share the same risk of being captured, we will analyze the maximum number of colluders that the fingerprinting systems can withstand, and our results will show that multimedia fingerprints can survive collusion attacks by a few dozen colluders.
Need of digital fingerprinting
The volume of online audio and video content is growing exponentially. An August 2009 survey conducted by the Diffusion Group for Digital smiths found that more than 70% of US Internet users surveyed had watched online video in the past week, and more than one-half had watched online TV programs.
Intel’s chief of technology, Justin Rattner, predicted, back in September 2009 at the Intel’s Developer Forum (IDF) in San Francisco, that by 2015 more than 12 billion devices will be capable of connecting to 500 billion hours of TV and video content.
These forecasts emphasize the growing need of content and rights holders to identify copyrighted content as it moves across computers and mobile phones around the world. Media owners are today looking for ways to track and control the distribution of their content on the broadcast television and the internet. They are also looking at new ways to develop business models with digital publishing platforms such as UGC or social network sites, in order to monetize their content, including through advertising revenue sharing. Content publishing companies, in turn, are looking for means to expand their business in advertising and to offer additional services that generate real revenues. There is a clear need for tech¬nology that enables flexible business rules to be applied to online content and which fits seamlessly into the established content-to-consumer delivery chain. Digital fingerprinting meets this need.
What is digital fingerprinting?
Similar to a human fingerprint that uniquely identifies a human being, a digital fingerprint uniquely identifies a piece of video/audio content. Digital Fingerprinting gives content owners and publishers more options to control the distribution of their content and also a technique for identifying users who use multimedia content for unintended purposes, such as redistribution. These fingerprints are typically embedded into the content using watermarking techniques that are designed to be robust to a variety of attacks.
An ideal fingerprinting system should fulfill several requirements. It should be able to accurately identify a media asset, regardless of the level of compression, distortion or interference in a transmission channel. For many other applications it should identify the title from excerpts as short as just a few seconds (a pro¬perty known as granularity), this requires support for shifting - the lack of synchronization between the extracted fingerprint and those stored in the database. It should also be able to deal with other sources of degradation, such as :
- Audio : pitching (playing audio faster or slower), equalization, background noise, D/A-A/D conversion, speech and audio coders (such as GSM or MP3).
- Video : heavy compression (e.g. ‘youtube’ quality and much less), insertion or removal of subtitles or logos, scaling, aspect ration change, speed change, 16:9 to 4:3, camcorder, black bars, conversion to black and white , flipping etc.
Collusion attacks
3.1 Linear Collusion
Linear collusion is one of the most feasible collusion attacks against multimedia fingerprinting. When users come together with a total of K differently fingerprinted copies of the same multimedia content, these users can simply linearly combine the K signals to produce a colluded version. Since normally no colluder is willing to take more of a risk than any other colluder, the fingerprinted signals are typically averaged with an equal weight for each user [10]-[12],[16],[17], as illustrated in Figure Averaging reduces the power of each contributing fingerprint. As the number of colluders increases, the trace of each individual fingerprint becomes weaker. In fact, the colluded signal can have better perceptual quality in that it can be more similar to the host signal than the fingerprinted signals are.
The collusion attack considered in [11] consists of adding a small amount of noise to the average of K fingerprinted documents, where the original document is perturbed by the marking process to produce fingerprinted documents with a bounded distortion from the
original document. It was shown that O(_N / logN ) adversaries are sufficient to defeat the underlying watermarks, where N is the total length of the fingerprint signal. a more general linear attack was considered,
where the colluders employ multiple input/ single-output linear shift-invariant (LSI) filtering plus additive Gaussian noise to thwart the orthogonal fingerprints. Under the assumption that all fingerprints are independent and have identical statistical characteristics, it was shown that the optimal LSI attack involves each user weighting their marked document equally prior to the addition of additive noise.
When the fingerprint is spread throughout the entire host signal by such techniques as spread-spectrum embedding and detected through some form of correlation, the cut-and-paste collusion attack has an effect that is similar to averaging collusion. In both cases, the energy of each contributing fingerprint is reduced by a factor corresponding to the amount of copies involved in the collusion. As an example, if Alice contributes half of her samples to a cut and- paste collusion, the energy of Alice’s fingerprint in the colluded copy is only half of her overall fingerprint energy. As a result, the correlation of the colluded signal with Alice’s fingerprint is roughly half the correlation of a noncolluded copy of Alice’s fingerprinted signal with her fingerprint. Therefore, when considering spread-spectrum embedding, we may consider cut and- paste collusion as analogous to averaging collusion.
3.2 Nonlinear Collusion
Linear collusion by averaging is a simple and effective way for a coalition of users to attenuate embedded fingerprints. Averaging, however, is not the only form of collusion attack available to a coalition of adversaries. In fact, for each component of the multimedia signal, the colluders can output any value between the minimum and maximum values that they have observed, and have high confidence that the spurious value they get is within the range of just-noticeable difference since each fingerprinted copy is expected to have high perceptual quality. Therefore, we next examine families of nonlinear collusion attacks. An important class of nonlinear collusion attacks is based upon such operations as taking the maximum, minimum, and median of corresponding components of the K colluders’ independent watermarked copies [10],[18]. For simplicity in analysis, nonlinear attacks are typically assumed to be performed in the same domain of features as the fingerprint embedding.
3.2.1 Nonlinear attacks [18].
Minimum/maximum/median attack: Under these three attacks, the colluders create an attacked signal in which each component is the minimum, maximum, and median, respectively, of the corresponding components of the K watermarked signals associated with the colluders.
Minmax attack: Each component of the attacked signal is the average of the maximum and minimum of the corresponding components of the K watermarked signals.
Modified negative attack: Each component of the attacked signal is the difference between the median and the sum of the maximum and minimum of the corresponding components of the K watermarked signals.
Randomized negative attack: Each component of the attacked signal takes the value of the maximum of the corresponding components of the K watermarked signals with probability p, and takes the minimum with probability (1-p).
The effectiveness of different attacks were studied in [18] based on two performance criteria: the probability of capturing at least one colluder (Pd ) and the probability of falsely accusing at least one innocent user (Pfp ). Since the colluded fingerprint components under the minimum, maximum, and randomized negative attacks do not have zero mean, preprocessing was applied to remove the mean from the colluded copy. It was observed that the overall performance under the median or minmax attacks is comparable to that of the average attack. Therefore, from the attacker’s point of view, there is no gain in employing the median or minmax attack compared to the average attack. On the other hand, the effectiveness of collusion improves under the minimum, maximum, and modified negative attacks. The randomized negative attack was shown to be the most effective attack, but it also introduces larger, more perceivable distortion to the host signal than other attacks. Colluders may also apply additional noise after the nonlinear combining [18],[19]. As the amount of distortion introduced by the nonlinear combining increases, the amount of additional noise that can be added while maintaining perceptual constraints decreases.
